Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options
how can the spammers pass the recaptcha ?
i realize that fake users manage to be registered, is there any extra precaution for protecting
0
Comments
There are cheap living areas in the world like India where paying an actual human to spam is a business. If your community is large enough, then your users should be able to self moderate things by flagging spam posts. An active and loyal forum is your protection.
I've seen sites (yii for example) that do not allow links posted in messages for users that have either just registered or have a low post count.
I can also recommend the BotStop plugin: http://vanillaforums.org/addon/botstop-plugin
As Halfcat said you can't beat botstop. Even better with approval, then no real need for recaptcha. And as anonymouse pointed out applicants can still pm. with a fix here
http://vanillaforums.org/discussion/comment/169912/#Comment_169912
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
There are also tools like which make use of image manipulation techniques to bypass captchas.
The predominant distortion in the captcha is of noise-like nature. It is possible to extract a series of different images with the same information encoded in them. Averaging of a series of images can be used to improve image quality (reduce distortion, or improve signal-to-noise ratio, so to say) of captchas and hence to make them more easily recognizable by OCR (optical character recognition) systems.
This does not work with reCaptcha though. The distortion is not the only factor but also the different scan quality and font usage make it close to impossible to defeat with algorithms. However, it has been cracked multiple times in the past. The most recent one - to my knowledge - was by defeating the audio code which is mainly designed for blind users. Also there is always the possibility of letting real people solve it. It mustn't necessarily be by paid people but also could be done by users who expect to unlock something else but are in fact solving a captcha for a registration bot. So many possibilities
It is safe to say that the safest captcha is the one that you customized on your own. BotStop is a good way to go.
Only half of a recaptcha is actually needed. You can enter the half it needs and anything else as the other half. The way to tell is the "other half" is that it pretty much uses the same text style in every one.
The "other half" is you translating things for Google.
That's not what I experienced and read about. The "other half" is just a part of text that others have solved correctly. It is in no way similar looking.
@HalfCat I was under the impression the capchas were solved by users, and the best answer of the "other half" was used in translating (meaning anything could be added), while the other side was already translated and a correct answer expected for that.
Straight from source:
The unidentified words are verified by many different users, but you can enter whatever text you'd like. The control word must be identified correctly, but not the second one. You are assisting Google & others' OCR efforts by identifying it yourself.
@OnlyAnExcuse That is correct. However, this does not imply that the part that is already known does always look the same. It is also taken from random books, has a different font, scan quality etc.
@LeeH Yes, I know.